We've touched on the impending demise of XP Service Pack 2 (SP2) on a couple of occasions in the past week or so, and if you were still caught off guard today by Microsoft ending support, then extend your leg and swing it back as far and as fast as possible, with the goal being to kick yourself in your own ass for failing to pay attention.
Whether you were ready for it or not, what happens now? For starters, Microsoft will stop sending out updates and security patches for the now-defunct version of Windows, leaving XP SP2 users vulnerable in a number of areas, including IE, WMP, and Outlook Express.
You do have some options, however, the most obvious one being to upgrade to SP3. If for whatever reason that's not an option and you're simply stuck on XP SP2, you can make the best of a bad situation by first and foremost getting rid of IE. It doesn't matter what version of Microsoft's popular browser you're running, you won't be receiving updates. Instead, consider (strongly) switching to any of the alternatives, such as Firefox, Chrome, Safari, or Opera, all of which will continue kicking out updates.
Other steps you can take: update other programs, install AV software (if you haven't already), keep your firewall running, and cross your fingers.
Everyone has different reasons for exposing Windows security flaws. Some do it for avenging a fellow security researcher's insult, others to bring home the bacon. Unlike the Microsoft -Spurned Researcher Collective, which falls in the former category, Danish security firm Secunia's motivation is purely pecuniary.
“The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function,” Secunia said on its site.
According to group manager Jerry Bryant, “Microsoft is investigating new public claims of a possible vulnerability in Windows 2000 and Windows XP.” However, he is unaware of any attacks based on the vulnerability.
It didn't take long for digital ne'er do gooders to actively exploit a new Windows XP flaw discovered by a Google engineer last month. In a blog post on Wednesday, Microsoft said it noted some 10,000 "distinct computers" have fallen prey to the attack.
"At first, we only saw legitmate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said. "Those intial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."
Microsoft also said the attacks are no longer limited to specific geographies, noting outbreaks in Portugal, Russia, Croatia, Germany, Spain, Greece, Turkey, Saudi Arabia, Brazil, and several others, including the United States.
The exploit involves a vulnerability in the Windows Help and Support Center software that comes with Windows XP. In short, the attack is being used to download various malware, as well as a piece of software called Obitel that...downloads more malware. Go figure.
Microsoft has acknowledged that it is aware of a zero-day vulnerability in the HCP protocol. It learned about the threat on June 5, 2010 from Google security engineer Tavis Ormandy, who barely waited four more days before making the details of the threat public, complete with his proof-of-concept exploit code.
Microsoft took a dim view of Ormandy’s eagerness to make a public disclosure. “Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk,” wrote Mike Reavey, director of the Microsoft Security Response Center, in a blog post.
Reavey also criticized Ormandy for not being thorough in his analysis: “It turns out that the analysis is incomplete and the actual workaround Google suggested is easily circumvented.”
The vulnerability is known to affect Windows XP and Windows Server 2003 only. Microsoft is currently working on a fix. In the interim, users can protect themselves by unregistering the HCP protocol as described in Microsoft Security Advisory 2219475.
If you prefer your netbooks in the Windows XP flavor, you might want to plan ahead and buy a six pack. Starting this coming October, Microsoft will no longer allow manufacturers to install XP on netbooks. Microsoft has previously alerted OEMs to this, but took the opportunity this week to remind everyone.
Microsoft went out of its way to optimize Windows 7 for netbooks, and most users seem to be fine with the newer OS. The number of Windows 7 netbooks has been increasing steadily, while XP machines are declining, Though, there are still a number of XP netbooks being sold.
OEMs are rumored to be paying about $50 per Windows 7 license, as opposed to a mere $15 for XP. We can see why they'd want to continue offering XP on some machines, given the famously low profit margins on netbooks. Do you still want XP on your netbooks?
I have Windows 7 Home Edition 64-bit. When I download pictures from the Internet, I want to save them to a specific folder—let’s call it ABC. I right-click the picture and select Save Picture As. Then Windows Explorer sends me to Libraries\Picture Library. I then navigate to ABC folder and click it, then click Save. I right-click the second picture, but I’m sent back to the pictures library! The save dialog in Windows XP would open right at the last directory I saved photos to, so I didn’t have to click back to the ABC folder every time. Why won’t Windows 7 do the same?
Read the Doctor's answer for Glenn after the jump.
Security software firm McAfee apologized last week for issuing an update to the company's corporate antivirus suite that caused the scanner to identify a benign file in Windows XP machines as a virus. The screw up, which mainly affected XP SP3 rigs, had IT departments scrambling to repair and restore machines that had crashed.
"First off, I want to apologize on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organizations," said Barry McPherson, executive vice president of support and customer service, in a blog post.
McPherson went on to blame the situation on a recent change made to McAfee's QA environment that resulted in a faulty DAT making its way out of the company's test environment and onto customer PCs.
McAfee didn't disclose how many computer systems were affected, though some estimates put the number in the thousands. The timing is especially bad for McAfee, as the company's consumer oriented internet security suite seemed to have turned a corner with this year's release, earning an 8 verdict in our recent 10-man security shootout.
There are some details are leaking out regarding antivirus maker McAfee's assessment of yesterday's buggy update to their corporate security software. The update caused Windows XP machines to crash left and right. The confidential documents were sent to Ed Bott, and paint a picture of poor quality control. The anonymous sender of the email says the error was totally preventable.
The document itself seems to indicate that steps in the testing process were not followed. McAfee requires peer-review of all DAT update files, and apparently that didn't happen. They also inexplicably failed to test the update with Windows XP SP3, the operating system affected by the bug. Just as a reminder, this is an enterprise product. You'd expect special attention to be paid to the QC process.
It's a little telling that McAfee's website has not been updated with any details on the error. Could it be they are working on a way to spin this unflattering evidence into a bad news/good news statement? Businesses definitely are suffering financially from this incident which will likely require techs to make a visit to each and every affected PC. Any reports from the field? Are you seeing clean-up efforts proceed as planned?
Users of McAfee's corporate antivirus product found themselves wrestling with some pretty serious problems today. The most recent DAT update for the antivirus suite caused the scanner to identify the benign Windows svchost.exe file as a virus. The antivirus' course of action is clear; it deletes the file. The result is a lot of crashed PCs and unhappy IT departments. This isn't even the first time McAfee has had an error like this.
When the gravity of the situation was made clear, McAfee pulled the update from their servers and reiterated that it had only been pushed out to machines running the corporate edition of the software. The problem, according to McAfee, mainly affects PCs running XP SP3. Given that a lot of business environments still run on XP, that's a lot of potential machines.
McAfee has issued a "fix", but inexplicably, it only helps those who haven't yet had their machines crash after receiving the update. Currently, the only way for IT departments to fix the issue involves repairing the Windows install manually. Has anyone out there had any experience with this bug today?
Microsoft announced today that hardware level virtualization will no longer be required to run XP Mode on Windows 7. The change is effective immediately, but those already running XP Mode don’t need to get new copies. Any users on Windows 7 Professional or higher can download and run the new code regardless of hardware support.
The news that XP Mode would need hardware virtualization was a bit dismaying to some. It was ofeten difficult to tell if a CPU had the correct features, and some surprisingly modern CPUs lacked them. The scale of the discontent led Microsoft to develop a way to run XP Mode without the BIOS level virtualization.
If you’re on a Windows 7 system without hardware virtualization, you can get your free copy of XP Mode for 32-bit or 64-bit.